Speech by Foreign Minister Annalena Baerbock at the “Shaping Cyber ​​​​Security” conference in Potsdam

One night in late summer, paramedics treat a 78-year-old woman who is in critical condition. They rush her into an ambulance. But when they call the local hospital, they are told: We are very sorry, but we cannot accept the patient.

They must go to another hospital, 32 kilometers away. This delay seriously affects the patient’s condition – and the woman dies soon after.

When I read this in the newspaper, I thought: this cannot be true; in Germany, hospitals do not reject patients in the emergency room. But then I read on – and the article explained that the reason the hospital couldn’t accept the patient was because of a ransomware attack on their servers. The hackers encrypted the hospital data and then demanded payment to release it. The hospital was therefore forced to suspend emergency care and postpone operations.

This is not the plot of the next Matrix movie. This happened at the University Hospital Düsseldorf in September 2020.

These types of cyberattacks – on hospitals, on power grids or against businesses – are carried out every day, in many places around the world.

Most recently, Montenegro and Albania were hit by attacks that paralyzed their economy and public life.

In Costa Rica, an attack crippled the Ministry of Finance and public health networks, forcing President Rodrigo Chaves to declare a national state of emergency.

And we all remember the ransomware attack that disrupted the Colonial pipeline, affecting consumers and airlines across the United States.

All of this shows that the damage caused by cyberattacks is real.

German tech industry association Bitkom estimates that they have cost the German economy more than €200 billion in each of the past two years.

Often, criminals are behind such attacks.

But states also use cyberspace to spy on industry and politicians, spread disinformation, and meddle in democratic processes.

We saw this in the run-up to last year’s federal election, when the Russian state-run group Ghostwriter targeted scores of parliamentarians with phishing attacks on their private and official email accounts.

Cybertechnology is also part of modern warfare – as we saw in Russia’s war of aggression against Ukraine.

On the day of the invasion, February 24, Russia attacked the Viasat communications network, causing a communications blackout for Ukraine.

When I was in Kyiv earlier this month, I learned how experts from the Ukrainian Cybersecurity Authority are taking action against Russian cyberaggression: they use crowdsourced intelligence to report troop movements, they deploy terminals Starlink to keep Ukrainians connected online and they fought off attacks on their energy systems.

Germany, like many other countries, is supporting Ukraine in these efforts – providing hardware and funding projects that help people stay connected online, even in combat zones. Often these relationships are the only way for them to ensure that their loved ones are safe.

What is clear to us is that today’s wars and conflicts are fought not only with bullets and cruise missiles, but also with robots and malware.

Cyberspace will therefore be a key factor in our national security strategy, which the federal government is currently working on.

Because ensuring the security of our citizens means not only protecting them against war and violence, but also protecting the fundamental freedoms that define our society.

In our digital world, we need a secure cyberspace for the interactions we engage in every day: from messaging our children to shopping online, to medical treatment using digital tools.

Securing cyberspace is therefore at the heart of our security policy.

We take a four-pronged approach:

First, with our partners, we will strengthen our ability to detect, protect against and recover from cyber threats. If we are hit by a cyber attack, we will ensure that people can still use the railways and receive medical care and that the police force can continue to operate. To do this, we need stronger and more resilient infrastructure.

Second, cyberspace is not an unregulated domain. The provisions of international law also apply to cyber activities. But we need to do much more to implement the agreed standards. This is the objective of our work within the UN and the OSCE.

Third, we will effectively fight cybercrime. This means we will act quickly and decisively against hackers – with state-of-the-art cyber units and technology. But it also means holding accountable states that condone or support criminal activity — difficult as that often can be.

Fourth, we will strengthen international cooperation, dialogue and development. Our safety also depends on the safety of our neighbors and friends. We are joining forces in the EU – and finally NATO Summit, we made the decision to set up virtual rapid response teams that will bring together our most skilled experts after cyberattacks to help fight hackers.

To make progress in these four areas, we have important work to do at the national level. In Germany, we know that our systems need to be updated urgently.

The first question we need to ask ourselves is: do we have the right set of laws and institutions to deal with cyberattacks?

The federal government must establish the legal basis for combating cyber threats, including when they affect several federal states. At present, there are too many different procedures and institutions in our various federal states and cities. This must change. To act more effectively, we must assign clear responsibilities for cyber defense, including below the threshold of military attacks.

Personally, I firmly believe that we must join forces – even if that means changing our Basic Law.

The second question is: do we have the right methods and procedures to ensure cybersecurity?

To prevent cyberattacks at an early stage, risk analysis and early warning are essential. The German federal government needs to get all the relevant information quickly, and it needs a strong National Cyber ​​Response Center. The Federal Foreign Office can contribute to these efforts through its international network of government officials, as well as by providing information and access to cyber experts and civil society representatives around the world.

And, above all, the German government needs secure communication – even if in 2022 it seems hard to believe that we still have to work on this.

This is particularly important for the Federal Foreign Office, with its more than 230 embassies and consulates worldwide, and given the interest that various actors have in its data. Our IT experts are therefore setting up new, highly secure channels that all federal agencies and German missions abroad can use to communicate with each other. From 2023, we will also develop highly secure communication channels with other countries.

In addition to this, we are working on opening the first German “data embassy”, a data center located outside of German territory where we will store critical information and protect it from attacks on our systems.

Professor Meinel, you mentioned that you have a master’s program in cybersecurity here at your institute. To all students who will soon be graduating: The Federal Foreign Office is a great place to work, as is the public sector in general.

Ladies and gentlemen,

I spoke very openly about all these issues, because we really have to redouble our efforts.

Putin’s war of aggression confronts us with a new reality. She stressed the need for a deeper international dialogue on security and cyber policy.

Defend cyberspace and ensure it remains free, open, stable and secure.

Ensure that it protects the fundamental freedoms of our citizens.

To ensure a society where we can communicate safely with our loved ones,

where we can hold free and fair elections,

where our universities and businesses can operate safely,

and where our hospitals can provide essential services to people who urgently need them.

Because cybersecurity is human security. It is our security.

That is why I am so happy to welcome you all here in Potsdam today.

This event is an opportunity for you to share your ideas on how to tackle one of the greatest challenges of our digital age.

We need all sectors of society to be involved: governments and civil society, industry and academia. And we have to think outside the box.

When I was in Kyiv, as I already said earlier, I visited the Cybersecurity Authority. I walked into a room and there were students sitting there, I guess between the ages of sixteen and twenty-two. And I said: you are our real experts.

I think this is how we should approach things in Germany and also in other European countries – we need more courage to think outside the box to counter cyberattacks.
This is the idea behind this conference.

I hope you all have stimulating discussions.